MWCollect: Malware collection tool

The German Honeynet Alliance has released an interesting tool, mwcollect, that lets you gather information about malware that attacks commonly abused subsystems, such as the Microsoft DCOM system, which has had vulnerabilities in the past few years (and several worms, like Sasser and Blaster, have used this).

mwcollect is an easy solution to collect worm-like malware in a non-native environment like FreeBSD or Linux (you might have compilation issues on FreeBSD though; Debian Linux has been extensively tested). The first versions were used to collect binaries for botnet monitoring, and bots are still what mwcollect is mostly collecting. Some people consider it a next-generation honeypot; however, that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected with the malware - that is not the case!

Source: The mwcollect website.

May 7, 2005 in detection, honeypots, tools
